These days, if you're publishing a web site - or surfing the web - you have to watch your back, constantly. Merely publishing a secure site - or only surfing to secure sites - may not be enough. Any link on any web site might lead to another web site that hosts malware. Worse, a link might lead not to a web site that hosts malware, but to a web site that links to another web site that does. And so on ...

How far do you look before you draw the line? You can use a browser add-on that monitors your surfing and tells you which web sites are safe and which aren't - but that add-on had better go beyond just checking the immediate web site.

We click on the link for "popuptraffic.com", and see the report for "popuptraffic.com". "popuptraffic.com" is clean, but it links to "javapo.t35.com", "downner.blogspot.com", and "lpspain.galeon.com".

We click on the link for "javapo.t35.com", and see the report for "javapo.t35.com". "javapo.t35.com" is not clean. Reports for "downner.blogspot.com" and "lpspain.galeon.com" contained similar warnings.

Malicious software includes 26 exploit(s), 2 trojan(s), 1 scripting exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine ... Malicious software is hosted on 12 domain(s), including velassin.com/, rmbclick.com/, 39m.net/.

11 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including popuptraffic.com/, adtrak.net/, hele.t35.com/.
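The "how far to look" question, as an added example (not code from the original post or from Google): a breadth-first walk over a constructed link graph that labels a site an intermediary when a listed site is reachable within a chosen number of hops. The popuptraffic.com links and verdicts follow the walk-through above; `blog.example`, `clean.example` and the function name `classify` are assumptions.

```python
from collections import deque

# Constructed sample data. The popuptraffic.com edges and the listed sites
# follow the walk-through above; blog.example and clean.example are
# hypothetical additions.
LINKS = {
    "blog.example": ["popuptraffic.com", "clean.example"],
    "popuptraffic.com": ["javapo.t35.com", "downner.blogspot.com",
                         "lpspain.galeon.com"],
    "clean.example": ["blog.example"],  # cycle, to show it is handled
}
LISTED = {"javapo.t35.com", "downner.blogspot.com", "lpspain.galeon.com"}


def classify(start, links, listed, max_hops):
    """Return (verdict, path) for `start`.

    verdict is "listed" if start itself is flagged, "intermediary" if a
    flagged site is reachable within max_hops links, otherwise "clean".
    path is the shortest chain of sites from start to the flagged site.
    """
    if start in listed:
        return "listed", [start]
    parent = {start: None}          # doubles as the visited set
    queue = deque([(start, 0)])
    while queue:
        site, hops = queue.popleft()
        if hops == max_hops:        # the line we drew: look no further
            continue
        for nxt in links.get(site, []):
            if nxt in parent:
                continue
            parent[nxt] = site
            if nxt in listed:
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return "intermediary", path[::-1]
            queue.append((nxt, hops + 1))
    return "clean", []


if __name__ == "__main__":
    for depth in (1, 2):
        verdict, path = classify("blog.example", LINKS, LISTED, depth)
        print(depth, verdict, " -> ".join(path))
```

A checker that stops at one hop reports `blog.example` as clean; at two hops the same site is an intermediary.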

We see evidence that the web site monitoring process is persistent and cyclic.

The last time Google visited this site was on 2009-09-04, and the last time suspicious content was found on this site was on 2009-09-04.

And it describes the degree of danger in detail.

Malicious software includes 26 exploit(s), 2 trojan(s), 1 scripting exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine.

"earnovertheinternet.blogspot.com" and "popuptraffic.com" had apparently been visited that same day, 2009/09/17.

What is the current listing status for earnovertheinternet.blogspot.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-17, and the last time suspicious content was found on this site was on 2009-09-17.

17 comments:

Those welcomed alerts and that funny option to "get me out of here!" is what I love about FF! On IE6 I got stuck on a handful of pages that claimed malware was detected or that my anti-virus program needed updating or whatever. I knew not to click on anything, but found I usually could not access the toolbars or shut down the page. I'd have to use Task Manager to shut down the browser. Annoying and scary. When I informed Windows (by the Report Site option) of the offending website, they made it difficult: call this person and blah blah blah. Isn't giving them the Google Search and Actual website link enough?

My brother recommended FF, and I've been in love with it ever since. I've only had two known encounters, both thwarted by FF warnings. Of course, that doesn't mean they are aware of every site, so I take precautions. When looking at the Google Search links, I skim the site link previews... if the wording is nonsensical or odd (a group of words that are not a complete and comprehensible sentence), or if they're offering too much (such as, Hot Pics of So and So), those are clues for me to bypass that search link.

My reason for visiting your site is to share with you the following post I saw today in the Statcounter forum. I wasn't sure which of your blogs to post it on. I'd really like your take on it -- have you heard of a similar issue? Here goes:

I use SC to help see how many downloads my ebook site has, and one thing I noticed, some time ago, is visits by 'someone' with the browser name 'Rippers0' (or something similar).

Shortly after I was visited by these browsers my site was hacked. Luckily I managed to fix it, but a few weeks later the same thing happened again.

After I repaired it again (and moved hosts!!), I looked up what this Ripper browser was (something I should have done the first time). Turns out it's a package used to find weaknesses of sites so they can be hacked.

Since then every time I see a Ripper browser I ban the IP address range from my Host control panel.

Any computer application, that has a presence on the web, is vulnerable to hacking. Web servers are vulnerable two ways: through the server itself, and through the data (the websites served).

Web servers that use commercial code like Microsoft or Sun / Unix are more vulnerable in the server code, since there are thousands of web servers using the same code, and there's opportunity for the bad guys to find plenty of examples to experiment with, and to find the security holes.

With Blogger, their code is highly proprietary, and it's dispersed all over their server farm. My suspicion is that Blogger code is more vulnerable in the blogs themselves, and here you'll find social engineering attacks, like the hacker who has apparently taken over the Blogger Gadget Library.

I do feel that bloggers, as individuals, are more vulnerable to hacking. Since there are millions of Blogger blogs, I suspect that the chance of any one blog being successfully attacked will depend upon the vulnerability of the individual blog owner.
